search

hashicorp / terraform-provider-vault

Terraform Vault provider
https://www.terraform.io/docs/providers/vault/
Mozilla Public License 2.0
451 stars 535 forks source link

[Bug]: raft_snapshot_agent_config #2183

Open shuhaib-kk opened 4 months ago

shuhaib-kk commented 4 months ago

Terraform Core Version

1.0.11

Terraform Vault Provider Version

3.25.0

Vault Server Version

1.15

Affected Resource(s)

raft_snapshot_agent_config

Expected Behavior

aws_secret_access_key should be fetched

Actual Behavior

aws_secret_access_key is not being passed or fetched from vars.

Screenshot 2024-03-11 at 12 35 55 PM

![Uploading Screenshot 2024-03-11 at 1.00.22 PM.png…]()

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

resource "vault_raft_snapshot_agent_config" "s3_backups" { name = "s3_daily" interval_seconds = 1800 # 30 mins retain = 7 path_prefix = "/tf-vault-backup/dev/" storage_type = "aws-s3" aws_s3_bucket = var.s3_backup_bucket aws_s3_region = var.s3_backup_bucket_region aws_access_key_id = var.aws_access_key_id aws_secret_access_key = var.aws_secret_access_key }

Steps to Reproduce

resource "vault_raft_snapshot_agent_config" "s3_backups" { name = "s3_daily" interval_seconds = 1800 # 30 mins retain = 7 path_prefix = "/tf-vault-backup/dev/" storage_type = "aws-s3" aws_s3_bucket = var.s3_backup_bucket aws_s3_region = var.s3_backup_bucket_region aws_access_key_id = var.aws_access_key_id aws_secret_access_key = var.aws_secret_access_key }

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/raft_snapshot_agent_config#aws_secret_access_key

Would you like to implement a fix?

None

shuhaib-kk commented 4 months ago

Screenshot 2024-03-11 at 1 00 22 PM

fairclothjm commented 4 months ago

@shuhaib-kk Hello, I am sorry you are having trouble. Could you please from an error output or error log? It is hard to say exactly what is happening without any error information. The second screenshot does indicate that the automated snapshots config was deleted out-of-band. Did you delete the s3_daily config in Vault outside of terraform?

shuhaib-kk commented 4 months ago

@fairclothjm Hi, the issue is even though am passing aws_secret_key_id argument using variable. it is not getting configured on vault side. i also checked in state file where it is coming as "aws_secret_access_key": "", but am able to see aws_access_key_id in the state file.

so i just tried to recreate the config by deleting the config outside terraform and while recreating aws_secret_access_key is not being shown as you can see in the above screenshot

fairclothjm commented 4 months ago

Thanks @shuhaib-kk! It doesn't look like the vault_raft_snapshot_agent_config will pickup any environment variables. Please make sure aws_secret_access_key is set in the config.

shuhaib-kk commented 4 months ago

@fairclothjm you mean configure out of terraform? resource "vault_raft_snapshot_agent_config" "s3_backups" { name = "s3_daily" interval_seconds = 1800 # 30 mins retain = 7 path_prefix = "/tf-vault-backup/dev/" storage_type = "aws-s3" aws_s3_bucket = var.s3_backup_bucket aws_s3_region = var.s3_backup_bucket_region aws_access_key_id = var.aws_access_key_id aws_secret_access_key = var.aws_secret_access_key }

this my tf code and all variables are being picked up except aws_secret_access_key

fairclothjm commented 4 months ago

@shuhaib-kk Thanks, can you confirm that var.aws_secret_access_key is being populated with your variable as expected?

shuhaib-kk commented 4 months ago

@fairclothjm no, var.aws_secret_access_key is not getting populated as expected and it is also not visible in state file. Where as access key is getting populated i even tried passing aws_secret_access_key during tf apply command